From 281ef555c40cf292809ad10d623d0571fafc790e Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Sat, 11 Jun 2011 06:35:12 +0000 Subject: configurator: add client_max_header_size directive Lowering this will lower worst-case memory usage and mitigate some denial-of-service attacks. This should be larger than client_header_buffer_size. The default value is carried over from Mongrel and Unicorn.
---
t/t0045-client_max_header_size.sh | 90 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100755 t/t0045-client_max_header_size.sh (limited to 't')
diff --git a/t/t0045-client_max_header_size.sh b/t/t0045-client_max_header_size.sh
new file mode 100755
index 0000000..17cbc29
--- /dev/null
+++ b/t/t0045-client_max_header_size.sh
@@ -0,0 +1,90 @@
+#!/bin/sh
+. ./test-lib.sh
+skip_models StreamResponseEpoll
+
+t_plan 11 "client_max_header_size tests for $model"
+
+t_begin "setup Rainbows!" && {
+ rainbows_setup $model
+}
+
+t_begin "fails with zero size" && {
+ ed -s $unicorn_config < $tmp &
+ printf 'GET /\r\n'
+ wait
+ echo ok > $ok
+ ) | socat - TCP:$listen > $fifo
+ wait
+ test xok = x"$(cat $ok)"
+ test 1 -eq $(wc -l < $tmp)
+ grep HTTP_VERSION $tmp && die "unexpected HTTP_VERSION in HTTP/0.9 request"
+}
+
+t_begin "HTTP/1.1 request fails" && {
+ curl -vsSf http://$listen/ > $tmp 2>&1 && die "unexpected curl success"
+ grep '400$' $tmp
+}
+
+t_begin "increase client_max_header_size on reload" && {
+ ed -s $unicorn_config < $tmp
+ test 1 -eq $(wc -l < $tmp)
+ dbgcat tmp
+}
+
+t_begin "no errors in stderr" && {
+ check_stderr
+}
+
+t_begin "shutdown" && {
+ kill $rainbows_pid
+}
+
+t_done
--
cgit v1.2.3-24-ge0c7
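Review bot: In the "HTTP/1.1 request fails" step, `grep '400$' $tmp` searches curl's combined verbose stdout and stderr, so the assertion depends on how curl words its `-f` failure message and would also pass on any other line that happens to end in 400. Reading the status code directly pins the rejection more precisely, e.g. `test 400 -eq "$(curl -sS -o /dev/null -w '%{http_code}' http://$listen/)"`. Because this directive is a denial-of-service limit, a case that sends headers just below and just above the configured value would also document where the boundary sits. The here-document bodies of this hunk are not visible on this page, so such a case may already be present.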